Amazon EC2 networking doesn’t allow the use of private IPs in containers through bridges or macvlan. Dedicating a network interface to a container makes it directly unreachable from the host.
docker network create -d macvlan --subnet --gateway -o parent=eth0 pub_net
docker run -d --network pub_net --ip busybox


Linux Bridge supported GRE tunnels, but not the newer and more scalable VXLAN model. This post will talk about the various building blocks available to speed up packet processing, both hardware based (e.g. SR-IOV, RDT, QAT, VMDq, VTD) and software based (e.g. DPDK, OVS, etc.), and give hands-on lab experience.

VPN With WireGuard

Install
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard -y
Open the security group
Configure
Create key
wg genkey | tee privatekey | wg pubkey > publickey
Configure
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:81:39:72:97:90 brd ff:ff:ff:ff:ff:ff
    inet 10.


Install
Configure
Change the public key. Endpoint is the address of the VPN server.
Download and install TunSafe, which is a WireGuard client for Windows.
wget -O && sudo sh
--2020-01-01 22:26:54--
Resolving (,,, ...
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: [following]
--2020-01-01 22:26:55--
Resolving (
Connecting to raw.

Linux Bridge

Some things worth noting in br_add_if: Only Ethernet-like devices can be added to a bridge, as a bridge is a layer 2 device. Bridges cannot be added to a bridge. The new interface is set to promiscuous mode: dev_set_promiscuity(dev, 1)

AWS EC2 Multi-NIC Configuration

We can no longer assign a public IP address to your instance
The auto-assign public IP address feature for this instance is disabled because you specified multiple network interfaces. Public IPs can only be assigned to instances with one network interface. To re-enable the auto-assign public IP address feature, please specify only the eth0 network interface.
ip
MAC=`curl`
curl${MAC}/local-ipv4s
Configure the second network interface
ip a | grep ^[[:digit:]]
tee -a /etc/network/interfaces.

Kernel Bypass Networking

RDMA (Remote Direct Memory Access), TOE (TCP Offload Engine), and OpenOnload. More recently, DPDK (Data Plane Development Kit) has been used in some applications to bypass the kernel, and then there are new emerging initiatives such as (Fast Data Input Output) based on VPP (Vector Packet Processing). More will likely emerge in the future. Technologies like RDMA and TOE create a parallel stack in the kernel and solve the first problem (namely, the “kernel is too slow”) while OpenOnload, DPDK and FD.